Improper locking in Linux kernel usb dwc3 driver



| Updated: 2025-05-13
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-46941
CWE-ID CWE-667
Exploitation vector Local
Public exploit N/A
Vulnerable software
 Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper locking

EUVDB-ID: #VU91545

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2021-46941

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the dwc3_set_prtcap(), __dwc3_set_mode() and dwc3_probe() functions in drivers/usb/dwc3/core.c. A local user can perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Linux kernel: 5.10 - 5.13 rc5

CPE2.3 External links

https://git.kernel.org/stable/c/fce7bbcd07d59ac30dba8ce225316b3b4c1c7b50
https://git.kernel.org/stable/c/800f58217626c8b147aa40660e572ed8a0d56e3b
https://git.kernel.org/stable/c/1c10fd60c8595ea7ff7e29d3cf1fa88069941da3
https://git.kernel.org/stable/c/f88359e1588b85cf0e8209ab7d6620085f3441d9
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.36
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.20
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.3
https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.13


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###